From 93249f1901cc3f1f08d5f8f66f7cd6f7bd918946 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Thu, 16 Dec 2010 17:47:59 -0600
Subject: [PATCH] dns: direct IPv4 reverse DNS queries to split DNS servers

When split DNS is used for a local caching nameserver, make sure
that reverse DNS queries for hosts within the VPN tunnel are directed
to the VPN's nameservers, not to the public upstream nameservers.
---
 src/dns-manager/Makefile.am      |    4 +-
 src/dns-manager/nm-dns-dnsmasq.c |   22 +++++++--
 src/dns-manager/nm-dns-utils.c   |   99 ++++++++++++++++++++++++++++++++++++++
 src/dns-manager/nm-dns-utils.h   |   28 +++++++++++
 4 files changed, 148 insertions(+), 5 deletions(-)
 create mode 100644 src/dns-manager/nm-dns-utils.c
 create mode 100644 src/dns-manager/nm-dns-utils.h

diff --git a/src/dns-manager/Makefile.am b/src/dns-manager/Makefile.am
index 1ffe62d..7b5fc4f 100644
--- a/src/dns-manager/Makefile.am
+++ b/src/dns-manager/Makefile.am
@@ -14,7 +14,9 @@ libdns_manager_la_SOURCES = \
 	nm-dns-dnsmasq.h \
 	nm-dns-dnsmasq.c \
 	nm-dns-bind.h \
-	nm-dns-bind.c
+	nm-dns-bind.c \
+	nm-dns-utils.h \
+	nm-dns-utils.c
 
 libdns_manager_la_CPPFLAGS = \
 	$(DBUS_CFLAGS) \
diff --git a/src/dns-manager/nm-dns-dnsmasq.c b/src/dns-manager/nm-dns-dnsmasq.c
index 41c8e2a..9cc0197 100644
--- a/src/dns-manager/nm-dns-dnsmasq.c
+++ b/src/dns-manager/nm-dns-dnsmasq.c
@@ -33,6 +33,7 @@
 #include "nm-logging.h"
 #include "nm-ip4-config.h"
 #include "nm-ip6-config.h"
+#include "nm-dns-utils.h"
 
 G_DEFINE_TYPE (NMDnsDnsmasq, nm_dns_dnsmasq, NM_TYPE_DNS_PLUGIN)
 
@@ -75,9 +76,11 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
 	gboolean added = FALSE;
 
 	if (split) {
+		char **domains, **iter;
+
 		/* FIXME: it appears that dnsmasq can only handle one nameserver
-		 * per domain (at the manpage seems to indicate that) so only use
-		 * the first nameserver here.
+		 * per domain (and the manpage says this too) so only use the first
+		 * nameserver here.
 		 */
 		addr.s_addr = nm_ip4_config_get_nameserver (ip4, 0);
 		memset (&buf[0], 0, sizeof (buf));
@@ -103,6 +106,17 @@ add_ip4_config (GString *str, NMIP4Config *ip4, gboolean split)
 				added = TRUE;
 			}
 		}
+
+		/* Ensure reverse-DNS works by directing queries for in-addr.arpa
+		 * domains to the split domain's nameserver.
+		 */
+		domains = nm_dns_utils_get_ip4_rdns_domains (ip4);
+		if (domains) {
+			for (iter = domains; iter && *iter; iter++)
+				g_string_append_printf (str, "server=/%s/%s\n", *iter, buf);
+			g_strfreev (domains);
+			added = TRUE;
+		}
 	}
 
 	/* If no searches or domains, just add the namservers */
@@ -216,7 +230,7 @@ update (NMDnsPlugin *plugin,
 	}
 
 	/* Now add interface configs without split DNS */
-	for (iter = (GSList *) dev_configs; iter;iter = g_slist_next (iter)) {
+	for (iter = (GSList *) dev_configs; iter; iter = g_slist_next (iter)) {
 		if (NM_IS_IP4_CONFIG (iter->data))
 			add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE);
 		else if (NM_IS_IP6_CONFIG (iter->data))
@@ -224,7 +238,7 @@ update (NMDnsPlugin *plugin,
 	}
 
 	/* And any other random configs */
-	for (iter = (GSList *) other_configs; iter;iter = g_slist_next (iter)) {
+	for (iter = (GSList *) other_configs; iter; iter = g_slist_next (iter)) {
 		if (NM_IS_IP4_CONFIG (iter->data))
 			add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE);
 		else if (NM_IS_IP6_CONFIG (iter->data))
diff --git a/src/dns-manager/nm-dns-utils.c b/src/dns-manager/nm-dns-utils.c
new file mode 100644
index 0000000..615adfd
--- /dev/null
+++ b/src/dns-manager/nm-dns-utils.c
@@ -0,0 +1,99 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ */
+
+#include <arpa/inet.h>
+#include <string.h>
+
+#include "nm-dns-utils.h"
+#include "nm-utils.h"
+
+static void
+add_ip4_to_rdns_array (guint32 ip, GPtrArray *domains) /* network byte order */
+{
+	guint32 defprefix;
+	guchar *p;
+	char *str = NULL;
+	int i;
+
+	defprefix = nm_utils_ip4_get_default_prefix (ip);
+
+	/* Convert to host byte order, mask the host bits, and convert back */
+	ip = ntohl (ip);
+	ip &= 0xFFFFFFFF << (32 - defprefix);
+	ip = htonl (ip);
+	p = (guchar *) &ip;
+
+	if (defprefix == 8)
+		str = g_strdup_printf ("%u.in-addr.arpa", p[0] & 0xFF);
+	else if (defprefix == 16)
+		str = g_strdup_printf ("%u.%u.in-addr.arpa", p[1] & 0xFF, p[0] & 0xFF);
+	else if (defprefix == 24)
+		str = g_strdup_printf ("%u.%u.%u.in-addr.arpa", p[2] & 0xFF, p[1] & 0xFF, p[0] & 0xFF);
+
+	g_return_if_fail (str != NULL);
+
+	/* Suppress duplicates */
+	for (i = 0; i < domains->len; i++) {
+		if (strcmp (str, g_ptr_array_index (domains, i)) == 0)
+			break;
+	}
+
+	if (i == domains->len)
+		g_ptr_array_add (domains, str);
+	else
+		g_free (str);
+}
+
+char **
+nm_dns_utils_get_ip4_rdns_domains (NMIP4Config *ip4)
+{
+	GPtrArray *domains = NULL;
+	int i;
+
+	g_return_val_if_fail (ip4 != NULL, NULL);
+
+	domains = g_ptr_array_sized_new (5);
+
+	/* To calculate the reverse DNS domains for this IP4 config, we take
+	 * all the IP addresses and routes in the config, calculate the network
+	 * portion, and convert that to classful, and use the network bits for
+	 * the final domain.  FIXME: better handle classless routing, which might
+	 * require us to add multiple domains for each actual network prefix to
+	 * cover all the separate networks in that block.
+	 */
+
+	for (i = 0; i < nm_ip4_config_get_num_addresses (ip4); i++) {
+		NMIP4Address *addr = nm_ip4_config_get_address (ip4, i);
+
+		add_ip4_to_rdns_array (nm_ip4_address_get_address (addr), domains);
+	}
+
+	for (i = 0; i < nm_ip4_config_get_num_routes (ip4); i++) {
+		NMIP4Route *route = nm_ip4_config_get_route (ip4, i);
+
+		add_ip4_to_rdns_array (nm_ip4_route_get_dest (route), domains);
+	}
+
+	/* Terminating NULL so we can use g_strfreev() to free it */
+	g_ptr_array_add (domains, NULL);
+
+	/* Free the array and return NULL if the only element was the ending NULL */
+	return (char **) g_ptr_array_free (domains, (domains->len == 1));
+}
+
diff --git a/src/dns-manager/nm-dns-utils.h b/src/dns-manager/nm-dns-utils.h
new file mode 100644
index 0000000..daa6711
--- /dev/null
+++ b/src/dns-manager/nm-dns-utils.h
@@ -0,0 +1,28 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
+ *
+ */
+
+#ifndef NM_DNS_UTILS_H
+#define NM_DNS_UTILS_H
+
+#include "nm-ip4-config.h"
+
+char **nm_dns_utils_get_ip4_rdns_domains (NMIP4Config *ip4);
+
+#endif  /* NM_DNS_UTILS_H */
+
-- 
1.7.3.4

